Community discussions

MikroTik App

Search found 110 matches

by rpress
Thu Oct 01, 2020 2:43 am
Forum: RouterOS v7 BETA
Topic: Feature request - WPA3 support on ROS 7.X
Replies: 6
Views: 1071

Re: Feature request - WPA3 support on ROS 7.X

I sold all my Mikrotik APs for Ruckus. The Ruckus has WPA2/WPA3 mixed mode and it is working fine. I only have one Linux laptop with WPA3 and the rest WPA2, it's no problem together.

Personally I don't need the features of WPA3 but I like that the Ruckus are future proof at least for some time.
by rpress
Mon Sep 21, 2020 3:02 pm
Forum: RouterOS v7 BETA
Topic: i40e problem with DAC
Replies: 1
Views: 559

Re: i40e problem with DAC

This problem is unchanged with 7.1beta2. I have also tried a couple different SFP+ to copper transceivers. They also have this problem. My theory is that there is a race condition with the link status. When using the LR fiber transceiver (the one which works fine) the link is a bit slower to come up...
by rpress
Tue Sep 08, 2020 9:54 pm
Forum: General
Topic: How to remove 802.1Q header on "untagged" bridge egress
Replies: 25
Views: 1442

Re: How to remove 802.1Q header on "untagged" bridge egress

In the meantime, did you try assigning a PVID (e.g., 1000) to ether3 and ether4 in the bridge port config and then assigning ether3 and ether4 as untagged members of that bridge VLAN (plus any other necessary changes like creating the virtual VLAN interface)? That would effectively turn ether3 and ...
by rpress
Tue Sep 08, 2020 6:30 pm
Forum: General
Topic: How to remove 802.1Q header on "untagged" bridge egress
Replies: 25
Views: 1442

Re: How to remove 802.1Q header on "untagged" bridge egress

It really doesn't matter what VLAN ID is used as default VLAN ID for untagged-only traffic as it's used only internally to unit (be it mikrotik or any other managed switch). Which means that traffic on ethernet cable between MT and switch doesn't (or at least should not) have VLAN tags if traffic b...
by rpress
Tue Sep 08, 2020 12:15 am
Forum: General
Topic: How to remove 802.1Q header on "untagged" bridge egress
Replies: 25
Views: 1442

Re: How to remove 802.1Q header on "untagged" bridge egress

I suspect the tag is originating upstream from ROS. Inferring from the other thread, ROS isn’t adding the tag. Rather, it sees it and treats the packet like a standard untagged packet, which means It simply forwards it and doesn’t modify the header. Disabling VLAN filtering “works,” because it like...
by rpress
Mon Sep 07, 2020 8:43 pm
Forum: General
Topic: How to remove 802.1Q header on "untagged" bridge egress
Replies: 25
Views: 1442

Re: How to remove 802.1Q header on "untagged" bridge egress

@anav It seems that you don't know "export" does not show the default values? Even if I set "pvid=1" it still does not show in "export". But you can see with "print detail" it is already set. I guess you can't fathom that there is some problem with the bridge? Maybe because you have not seen it with...
by rpress
Mon Sep 07, 2020 2:30 am
Forum: General
Topic: How to remove 802.1Q header on "untagged" bridge egress
Replies: 25
Views: 1442

Re: How to remove 802.1Q header on "untagged" bridge egress

It may be the same problem but you have yet to provide the entire config and you are MISSING the UNTAG rules required in the bridge vlan rules. I stated that in my previous message: If I force untagged (which I shouldn't have to) like so, it still has the same problem: /interface bridge vlan add br...
by rpress
Mon Sep 07, 2020 1:23 am
Forum: General
Topic: How to remove 802.1Q header on "untagged" bridge egress
Replies: 25
Views: 1442

Re: How to remove 802.1Q header on "untagged" bridge egress

You have run into the same problem that we are facing with MT and bridging to speak to AT&T fiber in the US. See this thread for more details https://forum.mikrotik.com/viewtopic.php?t=154954#p793156 . I have raised the issue with support already, but no resolution as of yet. It would probably help...
by rpress
Mon Sep 07, 2020 12:47 am
Forum: General
Topic: How to remove 802.1Q header on "untagged" bridge egress
Replies: 25
Views: 1442

Re: How to remove 802.1Q header on "untagged" bridge egress

Thanks guys. Here is my config: /interface bridge add admin-mac=52:54:00:17:DE:AD auto-mac=no igmp-snooping=yes name=bridge1-lan vlan-filtering=yes /interface bridge port add bridge=bridge1-lan interface=ether3-plato add bridge=bridge1-lan frame-types=admit-only-untagged-and-priority-tagged ingress-...
by rpress
Sun Sep 06, 2020 4:04 pm
Forum: General
Topic: How to remove 802.1Q header on "untagged" bridge egress
Replies: 25
Views: 1442

Re: How to remove 802.1Q header on "untagged" bridge egress

To resolve this issue, I have create a Rube Goldberg solution. Routing the packets through a Linux server, I can remove the tag as follows: tc qdisc del dev enp1s0f0np0v0 ingress tc qdisc add dev enp1s0f0np0v0 handle ffff: ingress tc filter add dev enp1s0f0np0v0 parent ffff: protocol 802.1q basic ma...
by rpress
Thu Sep 03, 2020 4:53 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 275
Views: 70269

Re: v7.1beta2 [development] is released!

Huh. Are you sure that both of endpoint can be updated automatically? Nevertheless, I can't find any example of routeros setup with one of the peers is with endpoint (e.g. "client") and other is without ("server"). May be I'm on wrong path... I don't have a single Wireguard interface with one peer ...
by rpress
Wed Sep 02, 2020 7:09 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 275
Views: 70269

Re: v7.1beta2 [development] is released!

Do beta releases require licence for testing ? In other words can I install it f.e. on x86 for tests without any additional licence ? Yes it requires a license. You can get a trial as usual. And actually, when upgrading from v6 the old license is now invalid. So the license must be transferred to t...
by rpress
Fri Aug 28, 2020 12:50 am
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 275
Views: 70269

Re: v7.1beta2 [development] is released!

Looks like only one wireguard interface is working at a time, whatever is started first. Only the first shows as "running". Does anyone have more than one simultaneous wireguard interface working? Thanks both for your input. I have found the problem: using WebFig the listen-port always defaults to ...
by rpress
Thu Aug 27, 2020 9:27 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 275
Views: 70269

Re: v7.1beta2 [development] is released!

Looks like only one wireguard interface is working at a time, whatever is started first. Only the first shows as "running".

Does anyone have more than one simultaneous wireguard interface working?
by rpress
Mon Aug 24, 2020 3:48 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 275
Views: 70269

Re: v7.1beta2 [development] is released!

In IPv6 firewall filter the "reject" action is not working. It causes the whole IPv6 firewall to be bypassed and the counters show bogus numbers. I tried on both "input" and "forward" chains.
by rpress
Sun Aug 23, 2020 8:44 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 275
Views: 70269

Re: v7.1beta2 [development] is released!

Yes, I noticed also comments don't save for wireguard peers at all. Also ipv6 addresses can only be used in CLI.
by rpress
Thu Aug 20, 2020 3:46 pm
Forum: RouterOS v7 BETA
Topic: intel 710 chipset driver
Replies: 2
Views: 380

Re: intel 710 chipset driver

I am using X710-DA4 with v7.1beta1 on CHR. It is working but with SFP+ DAC the link does not come up unless I replug the cable.

Performance is good, I see about 9.8 Gb/s.

I tried to passthrough VF but it is not detected at all. I think there is no iavf driver.
by rpress
Sat Aug 15, 2020 8:53 pm
Forum: RouterOS v7 BETA
Topic: i40e problem with DAC
Replies: 1
Views: 559

i40e problem with DAC

1. Version 7.1beta1 2. CHR x86 3. Using the i40e driver, bring an interface up with a DAC already inserted and linked. The interface does not register "link ok". The DAC must be removed and plugged again to get the port to link. 4. /interface ethernet set [ find default-name=ether6 ] mtu=9100 name=e...
by rpress
Sat Aug 15, 2020 8:01 pm
Forum: General
Topic: How to remove 802.1Q header on "untagged" bridge egress
Replies: 25
Views: 1442

How to remove 802.1Q header on "untagged" bridge egress

I have a bridge with some "untagged" ports. Some of my devices cannot understand this traffic, and sniffing the network I can see the problem. The "untagged" traffic still has a 802.1Q header with VLAN of 0. Now if the device was able to understand 802.1Q headers it will know that VLAN 0 is "no tag"...
by rpress
Tue Aug 11, 2020 12:13 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta1 [development] is released!
Replies: 103
Views: 41165

Re: v7.1beta1 [development] is released!

On another topic, does anyone know if v7.1 has a working i40e driver? I was thinking of buying an Intel card for use with SR-IOV. Yes, it does. Thanks for your reply. I have installed the card, and indeed i40e driver is working, I can passthrough the PF. What I did not realize is that Intel uses a ...
by rpress
Mon Aug 03, 2020 1:53 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta1 [development] is released!
Replies: 103
Views: 41165

Re: v7.1beta1 [development] is released!

Does anyone see a problem with per client queues? When I try to use pcq-upload-default it reboots. I have had trouble with QEMU, I am not sure if it is my settings there. I am using that on a CCR-1009 without issues. Thanks for your reply. I have played around some more, knowing that you have it wo...
by rpress
Sat Aug 01, 2020 3:13 am
Forum: RouterOS v7 BETA
Topic: v7.1beta1 [development] is released!
Replies: 103
Views: 41165

Re: v7.1beta1 [development] is released!

Does anyone see a problem with per client queues? When I try to use pcq-upload-default it reboots. I have had trouble with QEMU, I am not sure if it is my settings there.
by rpress
Mon Jul 29, 2019 2:49 pm
Forum: General
Topic: 802.11ac Wave2 Support?
Replies: 57
Views: 20448

Re: 802.11ac Wave2 Support?

160MHz does not work in the US, presumably because Mikrotik did not complete the necessary testing required.

https://apps.fcc.gov/oetcf/kdb/forms/FT ... P&id=27155
by rpress
Sat Jul 13, 2019 6:12 pm
Forum: Wireless Networking
Topic: "united states3" bands
Replies: 2
Views: 1242

Re: "united states3" bands

I was looking at the RB4011, but based on the lack of responses I didn't see much hope in sticking with Mikrotik for my wireless. I guess the US is not an important market for them. I just finished setting up my Ruckus R720. Previously I was seeing about 220 Mbps with my hAP ac at 80 MHz. With the n...
by rpress
Sat Jun 29, 2019 10:54 pm
Forum: Wireless Networking
Topic: "united states3" bands
Replies: 2
Views: 1242

Re: "united states3" bands

Is it a violation of FCC to use an international model Mikrotik device, set to "united states2", and used in the United States?
by rpress
Fri Jun 28, 2019 5:45 pm
Forum: Wireless Networking
Topic: "united states3" bands
Replies: 2
Views: 1242

"united states3" bands

Is there a reason "united states3" country setting does not support U-NII-2A and U-NII-2C bands? These bands are disabled in all US sold devices. These frequencies are legal for use, see the linked document. https://transition.fcc.gov/oet/ea/presentations/files/may17/31-Part-15-Panel-UNII-UpdatesDT....
by rpress
Wed Oct 27, 2010 8:15 pm
Forum: General
Topic: RouterOS v5 RC2
Replies: 91
Views: 16829

Re: RouterOS v5 RC2

Wow, support for ipsec NAT-T!

Still crashes WinBox when opening up an IPv6 route on my RB750. It has done this ever since the new WinBox GUI look. It did this even with a clean install.
by rpress
Mon Jul 26, 2010 5:14 am
Forum: General
Topic: RouterOS 5 beta 5
Replies: 22
Views: 7244

Re: RouterOS 5 beta 5

I still have the problem (since beta 4) that opening up an IPv6 route closes WinBox. It happens on my RB750 but not on the RB433, both with a clean config.
by rpress
Sat Jul 10, 2010 12:37 am
Forum: General
Topic: RouterOS v5 beta4 released
Replies: 48
Views: 12663

Re: RouterOS v5 beta4 released

About every two days my SIP VoIP cannot register with the server. It's probably related to the possible change in the connection tracking as it's been working fine before. Asterisk shows the registration request has been sent but it never completes. A reboot of the router solves the problem instantl...
by rpress
Thu Jul 08, 2010 5:03 am
Forum: General
Topic: RouterOS v5 beta4 released
Replies: 48
Views: 12663

Re: RouterOS v5 beta4 released

The SSTP server binds itself to every IP on the router on this port so there is no way to use port 443 for anything else. You can just block the port in the firewall 'input' chain, or really just allow 443 to only the desired IP and then block everything else. I tested this and it does work, I was ...
by rpress
Wed Jun 30, 2010 7:14 pm
Forum: General
Topic: RouterOS v5 beta4 released
Replies: 48
Views: 12663

Re: RouterOS v5 beta4 released

Opening up an IPv6 route closes my WinBox. This was on a clean install, rb750. I can add/edit routes using terminal just fine. Memory leak looks fixed so far. I noticed weirdness where an aborted PPTP client session would not delete the IP address and then it couldn't reconnect because the old addre...
by rpress
Tue Jun 29, 2010 11:54 pm
Forum: General
Topic: MikroTik RouterOS version 5.0beta3 released!
Replies: 91
Views: 33151

Re: MikroTik RouterOS version 5.0beta3 released!

any news about SSTP? everything working correctly so far? how about Windows 7 clients to your SSTP server? Also work fine? Cant say for sure yet. Have about 20 SSTP connections, but all OVPN/SSTP bombs randomly which you said is because of OVPN.. But im not upgrading any more because of the memory ...
by rpress
Mon Jun 21, 2010 6:04 pm
Forum: General
Topic: SSTP on Vista or Win7 successful ????
Replies: 18
Views: 4697

Re: SSTP on Vista or Win7 successful ????

Thank you for the update which version you got it working on ?
5.0beta3
by rpress
Mon Jun 21, 2010 3:56 am
Forum: General
Topic: SSTP on Vista or Win7 successful ????
Replies: 18
Views: 4697

Re: SSTP on Vista or Win7 successful ????

Aha, got it working, had to reload the certificate. My certificate is from cacert.org. IPv6 works over SSTP too. There is still some problem with beta3 as my memory is being eaten up; I have emailed support.
by rpress
Sat Jun 19, 2010 8:31 am
Forum: General
Topic: SSTP on Vista or Win7 successful ????
Replies: 18
Views: 4697

Re: SSTP on Vista or Win7 successful ????

I had SSTP server working on beta1, but beta2 & beta3 give same root certificate error in Win7.
by rpress
Tue May 18, 2010 2:57 am
Forum: General
Topic: RouterOS on Watchguard xSeries h/w
Replies: 69
Views: 13843

Re: RouterOS on Watchguard xSeries h/w

We use a Watchguard x500 at the office here. I used Netinstall to put it on a larger CF and it works fine. I also made an adapter cable to get the LCD working; somewhere I have the drawing for that cable, it has a transistor & a couple resistors in it. Attached is the drawing for the LCD schematic.
by rpress
Tue Apr 06, 2010 7:29 pm
Forum: General
Topic: SSTP & IPv6
Replies: 21
Views: 6566

Re: SSTP & IPv6

Currently you can't connect to the router using IPv6 address. This feature will be added in future versions.
Thanks for the reply, I appreciate it.
by rpress
Fri Apr 02, 2010 6:59 pm
Forum: General
Topic: RB750 and Microsoft Hyper-V incompatible?
Replies: 8
Views: 1821

Re: RB750 and Microsoft Hyper-V incompatible?

I'm running trixbox (paravirtualized) on my XenServer at home, I have no problems with it. All the servers on the XenServer use DHCP from my RB750 and it is also working fine.
by rpress
Fri Apr 02, 2010 1:17 am
Forum: General
Topic: IPv6 RA not working when ports are slaved
Replies: 7
Views: 1507

Re: IPv6 RA not working when ports are slaved

This problem still exists in ROS v5.0beta1.
by rpress
Thu Apr 01, 2010 6:27 pm
Forum: General
Topic: SSTP & IPv6
Replies: 21
Views: 6566

Re: SSTP & IPv6

Ok, I have IPv6 working over SSTP. But what about the first part of my question, does SSTP listen on the IPv6 addresses? Can I connect to the SSTP server using IPv6?
by rpress
Wed Mar 31, 2010 10:03 pm
Forum: General
Topic: SSTP & IPv6
Replies: 21
Views: 6566

SSTP & IPv6

I just installed 5.0beta1 on my RB750.

Does SSTP listen on IPv6? It does not seem to. If not, is this planned for a future release? I was really hoping for this.

I assume IPv6 over the SSTP tunnel works because the changelog says IPv6 over PPP is supported. Yes?
by rpress
Tue Mar 30, 2010 12:49 am
Forum: General
Topic: Simple question about priority
Replies: 45
Views: 7151

Re: Simple question about priority

The point is that the queue will reside on the DSL modem and not on the MikroTik router... You need visibility as to the queued packets inside the modem. The MikroTik will not be the one dropping packets, it could probably figure it out with TCP but UDP will have no indicator. Even if you have all t...
by rpress
Fri Mar 19, 2010 8:12 pm
Forum: General
Topic: Simple question about priority
Replies: 45
Views: 7151

Re: Simple question about priority

This slightly contradicts what was said above. Apears that "limit-at" has nothing to do with priority. I still want to ask, in this case, priority will work or not: Yes it will work with only max-limit on the parent queue, and just priority for the child queue. Priority does work with no max-limit ...
by rpress
Fri Mar 19, 2010 1:37 am
Forum: General
Topic: Intel Atom board D945GCLF fot MT
Replies: 27
Views: 6061

Re: Intel Atom board D945GCLF fot MT

look at the picture - no fans =)

maybe it's from RB1000 description?.. it has two fans...
Dual fan with failover support mounted at case back
Did you find a picture of the rear of the unit?
by rpress
Thu Mar 18, 2010 9:43 pm
Forum: General
Topic: Intel Atom board D945GCLF fot MT
Replies: 27
Views: 6061

Re: Intel Atom board D945GCLF fot MT

RB1100 pricing and capabilities are quite good and bypass feature is a nice bonus. One thing amiss is lack of USB port(s) on RB1100.

Anybody knows how many fans are on RB1100 and how noisy it is?
http://www.roc-noc.com/pdf/RB1100/rb1100.pdf

Says dual fan with failover.
by rpress
Thu Mar 18, 2010 8:10 pm
Forum: General
Topic: Intel Atom board D945GCLF fot MT
Replies: 27
Views: 6061

Re: Intel Atom board D945GCLF fot MT

RB1100 is low cost rackmount router. Do you like it? Yes, it is pretty good! Pretty much the same cost as our router. It has more ports and better VPN performance, ours has USB ports and ability for internal wireless card. Is the microSD card externally accessible? Is it used for firmware/config? W...
by rpress
Wed Mar 17, 2010 8:14 pm
Forum: General
Topic: Problems with DNS in Version 4.x
Replies: 47
Views: 8525

Re: Problems with DNS in Version 4.x

I too had problems with the MikroTik DNS server. I was just using it to cache records, as a resolving DNS server. After a couple days it would stop responding, so I stopped using it.
by rpress
Mon Mar 15, 2010 9:52 pm
Forum: General
Topic: dns problem for incomming vpn users
Replies: 27
Views: 26135

Re: dns problem for incomming vpn users

Yep, I noticed the lack of DNS suffix for VPNs as well. Eventually I resorted to using a WINS server.
by rpress
Wed Mar 03, 2010 6:32 pm
Forum: General
Topic: IPv6 RA not working when ports are slaved
Replies: 7
Views: 1507

Re: IPv6 RA not working when ports are slaved

I have this exact problem as well. When switch ports are slaved on my RB750, RADVD tries to advertise on them. In the logs the error is: "radvd debug sendmsg failed on private (fe80:20c:42ff:fe55:b518): Invalid argument" When I disable the slave ports RADVD works correctly, but only after a router r...
by rpress
Fri Feb 26, 2010 6:45 pm
Forum: General
Topic: QoS with dynamic bandwitdh
Replies: 5
Views: 1228

Re: QoS with dynamic bandwitdh

It is a very difficult problem. If your upstream device understands DSCP then you can tag outgoing traffic with a mangle rule. This will not control inbound traffic, however. If it is a wireless link you can enable WMM on both sides and then set the RouterOS priority with a mangle rule. Otherwise yo...
by rpress
Fri Feb 26, 2010 6:33 pm
Forum: General
Topic: RouterOS v4.6 released
Replies: 80
Views: 13711

Re: RouterOS v4.6 released

I was hoping the OpenVPN bug would be fixed as well... I guess I'll wait for the next version.
by rpress
Wed Feb 17, 2010 6:06 am
Forum: General
Topic: Response from support
Replies: 30
Views: 7600

Re: Response from support

Well, I stopped using OpenVPN for now, just using L2TP. This didn't fix the router not responding though. I had one WAN connection that was particularly flaky and the OSPF would go up and down often. I disabled OSPF for this interface and just did static routes. Uptime so far is 4 days - knock on wo...
by rpress
Fri Feb 12, 2010 6:49 pm
Forum: General
Topic: Response from support
Replies: 30
Views: 7600

Re: Response from support

Thanks for your response, I also just received a response to my ticket. Sorry I had to mention it in the forum but I did try to send a few emails to support, first.
by rpress
Thu Feb 11, 2010 9:06 pm
Forum: General
Topic: Response from support
Replies: 30
Views: 7600

Response from support

Anyone else have no response from support@mikrotik.com? Maybe they are on holiday? My first email was on the February 2nd, now it's the 11th. I sent supout.rif. Ticket # 2010020266000501. My problem is with OpenVPN, RouterOS 4.5, x86. After a few days all VPNs fail to connect with "could not negotia...
by rpress
Wed Feb 03, 2010 8:41 pm
Forum: Wireless Networking
Topic: crappy ping result lol
Replies: 3
Views: 1010

Re: crappy ping result lol

What is your DD-WRT wireless chipset? Broadcom maybe?

I've noticed very erratic ping times with Gemtek chipsets on client machines.
by rpress
Tue Feb 02, 2010 11:10 pm
Forum: General
Topic: RouterOS on Watchguard xSeries h/w
Replies: 69
Views: 13843

Re: RouterOS on Watchguard xSeries h/w

You did a Netinstall on the CF and then stuck it into the Watchguard? You should just skip trying it on your netbook.
by rpress
Tue Feb 02, 2010 10:42 pm
Forum: General
Topic: RouterOS on Watchguard xSeries h/w
Replies: 69
Views: 13843

Re: RouterOS on Watchguard xSeries h/w

We use a Watchguard x500 at the office here. I used Netinstall to put it on a larger CF and it works fine. I also made an adapter cable to get the LCD working; somewhere I have the drawing for that cable, it has a transistor & a couple resistors in it.
by rpress
Thu Jan 21, 2010 8:02 pm
Forum: General
Topic: Popularity of RouterOS on X86
Replies: 1
Views: 618

Re: Popularity of RouterOS on X86

With the RTL8169 I have seen pretty bad performance with RouterOS, at least a couple months ago. Might want to do some tests - if I recall it had problems with TCP but not really UDP. I believe it is a Linux driver issue.

I think MikroTik is pretty happy with the performance of the RB1000.
by rpress
Wed Jan 20, 2010 9:02 pm
Forum: General
Topic: RouterOS logo
Replies: 5
Views: 1183

Re: RouterOS logo

I downloaded WinBox again but mine is still blocky.
Untitled.png
by rpress
Tue Jan 19, 2010 7:42 pm
Forum: General
Topic: RouterOS logo
Replies: 5
Views: 1183

Re: RouterOS logo

Doesn't it look like the 'i' in MikroTik? I don't see any reason for concern. WinBox has had that logo for a couple RouterOS revisions now, although the WinBox version number stayed the same. :) My one complaint is that in Windows 7 the icon is large in the task bar, but the icon does not have a hig...
by rpress
Fri Jan 15, 2010 8:12 pm
Forum: General
Topic: Prioritize SIP Packets with PCQ enabled
Replies: 5
Views: 1566

Re: Prioritize SIP Packets with PCQ enabled

You mean packet mark for PCC (Per Connection Classifier) load balance, and not PCQ (Per Connection Queue) for bandwidth sharing, right? For PCC you only need mark-connection and mark-routing, so this leaves mark-packet for HTB queue. For HTB queue using mark-connection and mark-packet is better, use...
by rpress
Thu Dec 31, 2009 12:23 am
Forum: Beginner Basics
Topic: Windows Vista cannot obtain IP from DHCP on RB493
Replies: 8
Views: 3447

Re: Windows Vista cannot obtain IP from DHCP on RB493

DHCP is working here with Vista and Win7 clients, the computer I am typing on is Win7 using MikroTik DHCP. Maybe you have another DHCP server on the network? Here is my config, maybe it helps you. /ip dhcp-server add address-pool=private authoritative=after-2sec-delay bootp-support=static \ disabled...
by rpress
Wed Dec 30, 2009 10:57 pm
Forum: General
Topic: Deleted Static Routes Reappearing ROS 4.4 (x86)
Replies: 10
Views: 2068

Re: Deleted Static Routes Reappearing ROS 4.4 (x86)

You can change the name of the certificate after import.

/certificate set 0 name="vpn_1"
by rpress
Sun Dec 27, 2009 12:34 am
Forum: General
Topic: IPv6 firewall rule examples
Replies: 4
Views: 19455

IPv6 firewall rule examples

Would anyone like to share their IPv6 firewall rules or comment on mine? Here is mine: /ipv6 firewall filter add action=accept chain=input comment="Allow established connections" connection-state=established disabled=no add action=accept chain=input comment="Allow related connections" connection-sta...
by rpress
Thu Dec 24, 2009 11:33 pm
Forum: General
Topic: Poor ML/PPP Upstream Performance
Replies: 7
Views: 1560

Re: Poor ML/PPP Upstream Performance

It's too bad that the performance is degraded when one link goes down... But how often will this be the case? In normal operation won't all links be up? I'm guessing it does a sort of round-robin transmit and when one link fails it tries to use that interface anyway and has to resend on the other li...
by rpress
Thu Dec 24, 2009 11:29 pm
Forum: General
Topic: IPSEC and NAT-T problem
Replies: 60
Views: 51826

Re: IPSEC and NAT-T problem

I just tested the IPSEC NAT-T and it is indeed working in v4.4.
by rpress
Thu Dec 24, 2009 11:28 pm
Forum: General
Topic: Really frustrated
Replies: 7
Views: 1283

Re: Really frustrated

Well, I use the same certificate and it works for me, I can see for multiple clients that you would want separate certs. I just read the documentation and it seems to suggest that multiple certs will work as long as you import the CA as well. The documentation also says "server mode (multi client to...
by rpress
Thu Dec 24, 2009 6:52 pm
Forum: General
Topic: Really frustrated
Replies: 7
Views: 1283

Re: Really frustrated

Pretty sure you gotta have the certs on both sides be exactly the same. That's what I do. I don't think the CN matters.
by rpress
Thu Dec 24, 2009 12:20 am
Forum: General
Topic: Really frustrated
Replies: 7
Views: 1283

Re: Really frustrated

Maybe try 0.0.0.0/0 instead of 0.0.0.0. I have OpenVPN working MT-MT with dynamic IP and certificates. You mean you are not using user/pass in secrets as well?
by rpress
Wed Dec 23, 2009 10:56 pm
Forum: General
Topic: MikroTik as OpenVPN client
Replies: 17
Views: 6893

Re: MikroTik as OpenVPN client

Are you logging ovpn at debug level like so: /system logging add action=memory disabled=no prefix="" topics=ovpn,debug Unfortunately I have noticed that the OVPN in MikroTik does not have very good debug output. It looks to me like the DD-WRT is proposing cypher and auth and MikroTik rejects it and ...
by rpress
Wed Dec 23, 2009 10:14 pm
Forum: General
Topic: MikroTik as OpenVPN client
Replies: 17
Views: 6893

Re: MikroTik as OpenVPN client

Did you try smaller than a 7 character password? A known issue, greater than 7 characters does not work, at least with MT-MT OVPN.

Make sure you open TCP 1194 in the firewall. Try to reboot the MikroTik.
by rpress
Wed Dec 23, 2009 7:55 pm
Forum: General
Topic: Port forward multiple IP's on same interface
Replies: 10
Views: 3266

Re: Port forward multiple IP's on same interface

Doh! I found the problem. I should have used dst-address instead of src-address Change add action=dst-nat chain=dstnat comment="" disabled=no dst-port=80 protocol=\ tcp src-address=10.10.10.104 to-addresses=192.168.30.104 to-ports=80 to add action=dst-nat chain=dstnat comment="" disabled=no dst-por...
by rpress
Wed Dec 16, 2009 6:10 am
Forum: Forwarding Protocols
Topic: PCQ over variable capacity MPLS link
Replies: 0
Views: 705

PCQ over variable capacity MPLS link

Soon we're going to switch to a new network provider that uses MPLS. They are going to use a Cisco IAD to provide a PRI to the phone system and ethernet for our internet & private network. The connections will be 3Mbit at some sites and 1.5Mbit at others. I'd like to be able to implement an upload P...
by rpress
Wed Dec 16, 2009 1:19 am
Forum: General
Topic: Advice for VPN for Mikrotik, IPv4 and IPv6
Replies: 12
Views: 3015

Re: Advice for VPN for Mikrotik, IPv4 and IPv6

I have three MikroTik OVPN clients connecting to one server, and it works fine. The documentation does seem to suggest otherwise. I am using RouterOS 4.3.
by rpress
Wed Dec 09, 2009 2:25 am
Forum: Wireless Networking
Topic: Wifi and 3G interference
Replies: 5
Views: 1406

Re: Wifi and 3G interference

This is goung to sound stupid.... but... Move the laptop away from the router a bit... I have seen that woth 802.11N that bing too close can shut communication completely off !! I have a Toshiba laptop that I have to keep about 5 to10 feet away, then it works GREAT... Ok, I tried that... Still drop...
by rpress
Tue Dec 08, 2009 6:11 pm
Forum: Wireless Networking
Topic: Wifi and 3G interference
Replies: 5
Views: 1406

Re: Wifi and 3G interference

How do you know the sprint card has anything to do with your problem? Yeah, I should have mentioned this. With the Sprint card completely removed I did not see any dropped packets. I have upped the hw-retries to 15 and this has helped somewhat. I have tried an R52n card, and a 802.11G Atheros card....
by rpress
Tue Dec 08, 2009 12:20 am
Forum: Wireless Networking
Topic: Wifi and 3G interference
Replies: 5
Views: 1406

Wifi and 3G interference

I'm putting together a RB411U with a Sprint U720 minipci-e modem and a R2n wifi card. The client adapter is 802.11G, about 4 feet away. With the Sprint modem operating I am seeing packet loss on the wifi. About 2% loss even with no traffic. Ping times are mostly 1-5ms with the occasional 100+ms. I'v...
by rpress
Sat Dec 05, 2009 12:57 am
Forum: General
Topic: Traffic not always routing through x86 machine
Replies: 3
Views: 653

Re: Traffic not always routing through x86 machine

You mean http://forum.landrovernet.com, right? Can you ping the sites that don't work? I have seen where the MSS is too large will cause some sites to not work. This is due to some MTU along the way being too small. If ICMP is blocked on their side then the web site will not be able to send the ICMP...
by rpress
Fri Dec 04, 2009 5:28 pm
Forum: General
Topic: IPSEC and NAT-T problem
Replies: 60
Views: 51826

Re: IPSEC and NAT-T problem

Fix for the problem will be included in version 4.4. Thank you very much for your reports. If anyone will have the problem with ISAKMP header, please let us know. Woohoo! Thank you! Now for L2TP/IPSEC the L2TP is still somewhat broken, it responds on the wrong IP... http://forum.mikrotik.com/viewto...
by rpress
Thu Dec 03, 2009 8:10 pm
Forum: General
Topic: Support Atom
Replies: 7
Views: 1544

Re: Support Atom

Just recently we've been building our own 1U Atom 330 units. We have about seven in the field and they are working great. They have a RB44GV in each, running off CompactFlash. Can you tell the model of the motherboard you are using? I had large number of the first intel Atom boards go bad due to co...
by rpress
Thu Dec 03, 2009 7:28 pm
Forum: General
Topic: Support Atom
Replies: 7
Views: 1544

Re: Support Atom

Just recently we've been building our own 1U Atom 330 units. We have about seven in the field and they are working great. They have a RB44GV in each, running off CompactFlash.
by rpress
Sat Oct 31, 2009 12:19 am
Forum: General
Topic: easy wifi question - no dhcp through Wifi
Replies: 1
Views: 612

Re: easy wifi question - no dhcp through Wifi

You need something like this, assuming lan is ether1. Then setup just one DHCP server on bridge1 for both LAN and WLAN. /interface bridge add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \ comment="" disabled=no forward-delay=15s l2mtu=2290 max-message-age=20s \ mtu=1500 name=...
by rpress
Thu Oct 22, 2009 7:26 pm
Forum: General
Topic: IPSEC and NAT-T problem
Replies: 60
Views: 51826

Re: IPSEC and NAT-T problem

No connection to this "feature"? The default behavior of IPsec NAT traversal (NAT-T) is changed in Windows XP Service Pack 2 http://support.microsoft.com/kb/885407/en-us How to configure an L2TP/IPsec server behind a NAT-T device in Windows Vista and in Windows Server 2008 http://support.microsoft....
by rpress
Thu Oct 15, 2009 7:49 pm
Forum: General
Topic: RouterOS v4 released
Replies: 38
Views: 4117

Re: RouterOS v4 released

I was excited to see the temperature monitoring, and it does work correctly in the terminal.

However I can't bring up the numbers in SNMP, they just show as zero. Is there another OID to use? I want to add a notification with The Dude for an overtemperature alarm.
by rpress
Thu Oct 15, 2009 7:42 pm
Forum: General
Topic: Intel Atom board D945GCLF fot MT
Replies: 27
Views: 6061

Re: Intel Atom board D945GCLF fot MT

I just build 7 routers with the Intel D945GCLF2, 4 port PCI RB44GV NIC, and a small 1U case. We have installed a couple so far and they are working great! Using RouterOS v3.30 and v4, no reboot problems. Too bad MikroTik doesn't see a market for a lower cost rackmount router; when I brought it up at...
by rpress
Thu Oct 15, 2009 7:33 pm
Forum: General
Topic: Problems with VPN
Replies: 9
Views: 4805

Re: Problems with VPN

I just sent an email to support so we'll see what they think.
by rpress
Thu Oct 15, 2009 6:25 pm
Forum: General
Topic: dual wan / single lan / port forwarding / policy routing
Replies: 4
Views: 3993

Re: dual wan / single lan / port forwarding / policy routing

Yes it is a tricky thing to have dstnat services on two gateways... Setup your routing table like so: /ip route add check-gateway=ping comment="Internet - Primary" disabled=no distance=1 \ dst-address=0.0.0.0/0 gateway=xxx.xxx.240.193 scope=30 target-scope=10 add comment="Internet - Failover" disabl...
by rpress
Thu Oct 08, 2009 11:20 pm
Forum: General
Topic: NAT Problem! Local hosts can't access through NATed address.
Replies: 3
Views: 2057

Re: NAT Problem! Local hosts can't access through NATed address.

I think I know what you are trying to do... You have a dstnat on the router for a web server, and you are trying to get to it from machines that use the same router as their gateway? I'm guessing you have a default srcnat masquerade rule like: /ip firewall nat add action=masquerade chain=srcnat disa...
by rpress
Fri Oct 02, 2009 7:25 pm
Forum: General
Topic: IPSEC and NAT-T problem
Replies: 60
Views: 51826

Re: IPSEC and NAT-T problem

That's fantastic you are looking into the issue. I don't know how to fix the problem but I will see if I can come up with anything.
by rpress
Fri Oct 02, 2009 1:41 am
Forum: General
Topic: DHCP woes
Replies: 8
Views: 1462

Re: DHCP woes

Yes DD-WRT relays the DHCP for some weird reason. I've had this same issue, and adding that relay to the same pool solves the problem.
by rpress
Thu Oct 01, 2009 8:47 pm
Forum: Virtualization
Topic: XEN on Dell Server
Replies: 2
Views: 2245

Re: XEN on Dell Server

Yes it's possible, I have RouterOS running under Xen. However you can only use emulated NICs so performance suffers and this configuration is unsupported by MikroTik; they say it will probably never be supported due to how they do their licensing.
by rpress
Mon Aug 24, 2009 8:41 pm
Forum: General
Topic: WDS connected via cat5 - is this feasible?
Replies: 31
Views: 5168

Re: WDS connected via cat5 - is this feasible?

What you want is simple roaming, I don't think you need WDS. Just set each AP to the same SSID, WPA key, and in your case, channel, and you should be fine.
by rpress
Mon Aug 17, 2009 8:28 pm
Forum: General
Topic: RouterOS L2TP server with Windows XP/Vista client behind NAT
Replies: 4
Views: 1190

Re: RouterOS L2TP server with Windows XP/Vista client behind NAT

NAT-T is what you want. I tried in the past with 3.25 but I couldn't get mine working though, it looks like there is some problem with the kernel routing packets incorrectly once NAT-T is enabled. I posted about that problem a while ago in another thread. Let us know if you manage to get it working.
by rpress
Fri Aug 07, 2009 11:41 pm
Forum: General
Topic: HOWTO: Windows File & Print Sharing over PPTP VPN
Replies: 16
Views: 26138

Re: HOWTO: Windows File & Print Sharing over PPTP VPN

There is a MikroTik script somewhere that will take the hostname from the DHCP leases and then create a DNS entry, kind of a "poor man's" DNS registration.
by rpress
Mon Jul 27, 2009 10:26 pm
Forum: General
Topic: IPSEC and NAT-T problem
Replies: 60
Views: 51826

Re: IPSEC and NAT-T problem

Thanks Andrew. Unfortunately for me the client is a roadwarrior so there is no access to the client NAT.

I'm not sure if this is a kernel issue or a racoon issue but some other distros have this problem as well.
by rpress
Tue Jul 21, 2009 7:01 pm
Forum: General
Topic: IPSEC and NAT-T problem
Replies: 60
Views: 51826

Re: IPSEC and NAT-T problem

It seems the tunnel is established correctly, but the kernel is not capturing the tunneled packets and is instead letting them go through to racoon. They're not a valid isakmp packet so racoon says the length is wrong.
by rpress
Tue Jul 21, 2009 6:13 pm
Forum: General
Topic: IPSEC and NAT-T problem
Replies: 60
Views: 51826

IPSEC and NAT-T problem

I have a VPN from Windows 7 laptop to MikroTik using L2TP/IPSEC with NAT-T. It works without NAT-T but it has a strange error using NAT-T: 14:59:28 ipsec respond new phase 1 negotiation: 68.183.xxx.xxx[500]<=>67.169.xxx.xxx[500] 14:59:28 ipsec begin Identity Protection mode. 14:59:28 ipsec received ...
by rpress
Fri Jun 26, 2009 12:40 am
Forum: General
Topic: Intel Atom vs RB1000
Replies: 12
Views: 6421

Re: Intel Atom vs RB1000

We are testing with a dual core Atom 330. Hardware cost with 1U case is $410, measured power consumption 36W. Case is only 8" deep with PCI slot, compactflash, space for 2.5" HDD. www.idotpc.com case with MSI IM-945GC motherboard. Unfortunately there is a weird problem with the onboard NICs where UD...
by rpress
Thu Jun 25, 2009 10:08 pm
Forum: General
Topic: wireless-test sucks the life out of my Nokia N95...?
Replies: 1
Views: 749

Re: wireless-test sucks the life out of my Nokia N95...?

I was running 4.0beta3 with an 802.11g card and things were fine. Just recently I installed an ar5416 in 802.11n mode and now it sucks down my Nokia e71x phone battery.
by rpress
Fri Jun 19, 2009 6:13 am
Forum: General
Topic: problem with netinstall and cf kingston 2gb
Replies: 4
Views: 1343

Re: problem with netinstall and cf kingston 2gb

I also just tried Kingston 2GB compact flash card part number CF/2GBKR, and it also hangs after SYSLINUX. I used NetInstall and it formatted and installed just fine, but it does not boot; the HDD LED is solid and it hangs. I tried a couple other cards (256MB, 512MB) also with NetInstall and they boo...
by rpress
Fri Jun 12, 2009 8:26 pm
Forum: Wireless Networking
Topic: 802.11n
Replies: 939
Views: 307177

Re: 802.11n

Should 4.0beta3 work with AR5416 cards? I tried mine and it does not create an interface. It is shown in PCI resources:

name: AR5416 802.11a/b/g/n Wireless PCI Adapter (rev: 1)
vid: 0x168c
did: 0x168c
by rpress
Sat May 16, 2009 11:11 pm
Forum: General
Topic: VOIP and QOS
Replies: 7
Views: 3337

Re: VOIP and QOS

I use simple queues for VoIP and it works very well. This is for a 3 Mb/s line with 10.69.77.222 as the asterisk server. /queue type add kind=pcq name=pcq-upload pcq-classifier=src-address pcq-limit=50 \ pcq-rate=0 pcq-total-limit=2000 add kind=pcq name=pcq-download pcq-classifier=dst-address pcq-li...
by rpress
Fri May 15, 2009 5:58 pm
Forum: General
Topic: L2TP IPSEC from XP to RB1000 ping works but nothing else
Replies: 2
Views: 588

Re: L2TP IPSEC from XP to RB1000 ping works but nothing else

Could be a routing problem, NAT, or who knows. Why don't you post up the pertinent exports.

You can also use the packet sniffer under tools to see what traffic is going across the VPN.
by rpress
Fri May 15, 2009 5:35 pm
Forum: General
Topic: openvpn secret's password longer then 7 chars fails
Replies: 2
Views: 856

Re: openvpn secret's password longer then 7 chars fails

I have the same problem, the OpenVPN password only works if it is 7 characters or shorter. I can not imagine what would cause this problem but I want to chime in and say it is not only trx with the problem.
by rpress
Thu May 14, 2009 8:41 pm
Forum: General
Topic: Problems with VPN
Replies: 9
Views: 4805

Re: Problems with VPN

Well the L2TP problem still exists. I guess nobody else has this problem based on the lack of response. The L2TP server seems to respond on the "preferred source" address from the IP routing table even if the client connected to a different IP. This seems like a bug. I've mostly figured out the Open...
by rpress
Sun May 10, 2009 8:44 am
Forum: General
Topic: Problems with VPN
Replies: 9
Views: 4805

Re: Problems with VPN

bump
by rpress
Fri May 08, 2009 9:20 am
Forum: General
Topic: Problems with VPN
Replies: 9
Views: 4805

Re: Problems with VPN

So, is the L2TP problem a bug? Does anyone else have L2TP working with multiple IPs on the outgoing subnet?
by rpress
Thu May 07, 2009 5:40 pm
Forum: General
Topic: Problems with VPN
Replies: 9
Views: 4805

Re: Problems with VPN

Here is my L2TP config: [admin@client] /ip route> export /ip route add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\ xxx.xxx.43.32 scope=30 target-scope=10 add comment="" disabled=no distance=1 dst-address=192.168.0.0/16 gateway=\ 192.168.90.254 scope=30 target-scope=10 [admin@cl...
by rpress
Thu May 07, 2009 8:35 am
Forum: General
Topic: Problems with VPN
Replies: 9
Views: 4805

Problems with VPN

I am trying to get a MT-MT VPN working but I ran into some snags. 1) I first tried to set up a L2TP VPN. After configuring it all it still did not work so I used the packet sniffer. What I saw was that the client was sending connect data (normal) but the server would respond on another of the public...